Migrate your OpenSSL Dynamic Engine from AWS CloudHSM Client SDK 3 to Client SDK 5

Use this topic to migrate your OpenSSL Dynamic Engine from AWS CloudHSM Client SDK 3 to Client SDK 5. For the benefits of migrating, see Benefits of AWS CloudHSM Client SDK 5.

In AWS CloudHSM, customer applications perform cryptographic operations using the AWS CloudHSM Client Software Development Kit (SDK). Client SDK 5 is the primary SDK that continues to have new features and platform support added to it.

Note

Random number generation is not currently supported in Client SDK 5 with OpenSSL Dynamic Engine.

To review migration instructions for all providers, see Migrating from AWS CloudHSM Client SDK 3 to Client SDK 5.

Migrate to Client SDK 5

Follow the instructions in this section to migrate from Client SDK 3 to Client SDK 5.

Note

Amazon Linux, Ubuntu 16.04, Ubuntu 18.04, CentOS 6, CentOS 8, and RHEL 6 are not currently supported with Client SDK 5. If you are currently using one of these platforms with Client SDK 3, you will need to choose a different platform when migrating to Client SDK 5.

  1. Uninstall the OpenSSL Dynamic Engine for Client SDK 3.

    Amazon Linux 2
    $ sudo yum remove cloudhsm-client-dyn
    CentOS 7
    $ sudo yum remove cloudhsm-client-dyn
    RHEL 7
    $ sudo yum remove cloudhsm-client-dyn
    RHEL 8
    $ sudo yum remove cloudhsm-client-dyn
  2. Uninstall the Client Daemon for Client SDK 3.

    Amazon Linux 2
    $ sudo yum remove cloudhsm-client
    CentOS 7
    $ sudo yum remove cloudhsm-client
    RHEL 7
    $ sudo yum remove cloudhsm-client
    RHEL 8
    $ sudo yum remove cloudhsm-client
    Note

    Custom configurations need to be enabled again.

  3. Install the Client SDK OpenSSL Dynamic Engine by following the steps in Install the OpenSSL Dynamic Engine for AWS CloudHSM Client SDK 5.

  4. Client SDK 5 introduces a new configuration file format and command-line bootstrapping tool. To bootstrap your Client SDK 5 OpenSSL Dynamic Engine, follow the instructions listed in the user guide under Bootstrap the Client SDK.

  5. In your development environment, test your application. Update your existing code to resolve any breaking changes before your final migration.
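
A pre-flight check for the procedure above, as an added example (not AWS-provided tooling): it flags a host whose platform is on this page's unsupported list or that still has the Client SDK 3 packages from steps 1 and 2 installed. The function names are hypothetical, and the mapping from platform names to `/etc/os-release` `ID`/`VERSION_ID` values, as well as treating a missing `/etc/os-release` as a blocker, are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check before migrating to Client SDK 5.
# Function names are hypothetical; the os-release ID/VERSION_ID mapping is an assumption.
# Usage on an RPM-based host: rpm -qa --qf '%{NAME}\n' | check_host

# Succeeds if the platform is on the page's "not currently supported" list.
is_unsupported_platform() {
    case "$1:$2" in
        amzn:201?.*)                              return 0 ;; # original Amazon Linux
        ubuntu:16.04|ubuntu:18.04)                return 0 ;;
        centos:6|centos:6.*|centos:8|centos:8.*)  return 0 ;;
        rhel:6|rhel:6.*)                          return 0 ;;
        *)                                        return 1 ;;
    esac
}

# Reads installed package names on stdin and prints the Client SDK 3 packages
# (the ones steps 1 and 2 remove) that are still present.
leftover_sdk3_packages() {
    grep -x -e 'cloudhsm-client' -e 'cloudhsm-client-dyn' || true
}

# Package names on stdin, optional os-release path as $1.
# Prints one line per blocker; returns 0 when none were found.
check_host() {
    local osrel="${1:-/etc/os-release}" id ver left rc=0
    left=$(leftover_sdk3_packages)
    if [ ! -r "$osrel" ]; then
        # Assumption: a host without a readable os-release is treated as a blocker.
        echo "BLOCK: $osrel not readable; platform cannot be identified"; rc=1
    else
        # Parse the fields instead of sourcing the file, so nothing in it is executed.
        id=$(sed -n 's/^ID=//p' "$osrel" | tr -d "\"'")
        ver=$(sed -n 's/^VERSION_ID=//p' "$osrel" | tr -d "\"'")
        if is_unsupported_platform "$id" "$ver"; then
            echo "BLOCK: $id $ver is listed as unsupported by Client SDK 5"; rc=1
        fi
    fi
    if [ -n "$left" ]; then
        echo "BLOCK: Client SDK 3 packages still installed: $(echo $left)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no blockers found"
    return "$rc"
}
```

A clean result only means no blocker from this page was found; it does not confirm that the platform is supported by Client SDK 5.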
